sharepoint uploaded docs

I am new to sharepoint, but if you have a document that you want to allow a user to upload to a SP site - but once uploaded only offer the document as a read-only to everyone except the original "uploader" (who can modify if they want).

1) Can you elaborate where you set the files access control list, and can this type of setup be achieved? And can anyone show a screenshot of how the access control list to the file looks, i.e. where you can demonstrate who can access, edit, modify etc, to satisfy auditors?

2) And also how can you see revision history of that document, i.e. any amendments made, can you show a screenshot of how and where you can see the actual audit logs for amendments made to the document, to also satisfy auditors.

3) where do sharepoint documents "go", i.e. are they sat on say a file share on the sharepoint server, or do they go into an actual MSSQL DB? If they go on a file share, would the NTFS permissions mirror the sharepoint permissions for the file?

I am doing this blind, as I don't currently have access to a sharepoint site to demonstrate this, but I am pretty sure it can be done.

4.) Subsite / web : This is the "SharePoint site" (or this is the "SharePoints") that users access. It contains, among many other things, lists (which include libraries). This is also the first line of true permissions - you can add / remove groups and people who have access at this level

5.) Lists / Libraries : Must be contained within a subsite. They contain list items (a file is simply an attachment of a list item) These can also have their security inheritance broken and can be assigned unique permissions relative to its' parrent

6.) List Item / file : Must be contained within a list / library. Can also have its security inheritance broken from its parent list

To answer your questions:
1.) Site collection administrators (or anyone with "Full Control" (and other roles)) can modify permissions - there are multiple ways of doing this - elaboration on your specific circumstances would help, else there is google

2.) File versioning must be enabled for the specific library you are referring for this to work. If you want to see the specific file version history, you can click the dropdown menu for a particular list item and select its version history

3.) By default, all SharePoint content resides on the site collections given content database which lives in MS SQL Server. Best practices say that the SQL server should be a separate server(s)

1) I was just wondering where you can see the access control list for a site/file - ie where you can actually see the ACL for a document uploaded to sharepoint (can you show an example), and what kind of permissions are available for the file, i.e. so I can get it in my head how it is similar to NTFS permissions

What if you have documents on the same site with different ACL requirements, can this be done? Or do files uploaded in a site typically inherit permissions set at site level, as would a document added to a directory on an NTFS directory on windows.

SharePoint, despite its unfortunate common perception as such, is not a file share and really should not be treated as a file share.

For instance - Every object in a file share has three permissions : R, W, and X for both of its objects (files and directories)

Since SharePoint is a collaboration, CMS/publishing, and general application toolset, it has many more permissions. It also contains Permission Levels which have a number of permissions rolled up into it.

For instance, the Contribute Permission Level contains 21 permissions (such as utilizing SOAP features, viewing user information, creating alerts, working with versions, etc). This is one of many (many, many) reasons that SharePoint should not be thought of as a file share.

just to establish a baseline knowledge of what kind of access control you can enforce on files in sharepoint, and how to check what they currently are.

Although I appreciate its not like a file share per se, the same concepts apply, i.e. if you need to be able demonstrate only the right/approved people can access a file, be that in sharepoint, file share, inside a RDBMS etc - you need to know where to look and how to prove the current access that file.

Permissions auditing in SharePoint is infamously lacking - you can check if a single user has permissions at a particular level, but there are basically no security auditing tools OOB - when we are requested to provide some form of audit report, I have to write a PoSH script that interacts with the server object model to pull that info but there are also 3rd party tools that do the same.

Featured Post

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade. That can be fixed so it 'works around' agai…

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft.
If s…

This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions.
Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention.
Multiple USB devices need t…